Mat Ford - ISOC

Issues with large scale address sharing - ISOC


Page 1: Mat Ford - ISOC

Large-scale address sharing issues

‘There must be some way out of here,’ said the joker to the thief. Bob Dylan

Mat Ford

Irish IPv6 Summit 2010, Dublin

1

Page 2: Mat Ford - ISOC

Address sharing

2010-05-19 Irish IPv6 Summit 2010 2

[Diagram: subscriber address symbols (@) behind the ISP, which connects to the Internet]

Page 3: Mat Ford - ISOC

Large-scale address sharing

[Diagram: a single address symbol (@) at the ISP, shared towards the Internet]

Page 4: Mat Ford - ISOC

Address Sharing

• Current practice: give a unique IPv4 public address to each subscriber

– this address can be shared into the residential/office LAN through a NAPT device (in the CPE)

• With IPv4 free-pool allocation completion this is no longer possible for new subscribers

– Scalability of RFC1918 space also creating problems

• A possible solution: allocate the same IPv4 public address to several subscribers at the same time

– this is what we call large-scale address sharing


Page 5: Mat Ford - ISOC

Port multiplexing

• Q: How is it possible to differentiate between multiple subscribers all sharing a single address?

• A: Use the transport layer port field to multiplex


Page 6: Mat Ford - ISOC

Background

• Long-tail of subscribers requiring >median number of ports

Source: http://www.wand.net.nz/~salcock/someisp/flow_counting/result_page.html


Page 7: Mat Ford - ISOC

30 ports


Slide credit: Shin Miyakawa

Page 8: Mat Ford - ISOC

20 ports


Slide credit: Shin Miyakawa

Page 9: Mat Ford - ISOC

15 ports


Slide credit: Shin Miyakawa

Page 10: Mat Ford - ISOC

5 ports


Slide credit: Shin Miyakawa

Page 11: Mat Ford - ISOC

It’s your problem now

• Introduction of large-scale address sharing creates potentially serious issues for third parties:

– Some applications will fail to operate

– Reverse DNS will be affected

– Inbound ICMP will fail in many cases

– Amplification of security issues

– Service usage monitoring and abuse logging will be impacted

– Penalty boxes will no longer work

– Spam blacklisting will be affected

– Geo-location and geo-proximity mechanisms will be impacted

– Load balancing algorithms may be impacted

– Authentication mechanisms may be impacted

– Traceability of network usage and abusage will be affected


Page 12: Mat Ford - ISOC

Impact on applications

• Breaks applications that

– Establish inbound communications

– Carry address and/or port information in their payload

– Use fixed ports

– Do not use any port (ICMP)

– Assume uniqueness of source address

– Explicitly prohibit concurrent connections from identical addresses


Page 13: Mat Ford - ISOC

ICMP

• ICMP is problematic for address sharing mechanisms as it does not carry any port information

• Responses to outbound ICMP can be handled relatively easily

• Inbound ICMP sourced off-net will not be routable

• ICMP attacks

– Malicious user could send Packet Too Big reducing the MTU down to 68 octets

– Value will be cached by server for all subscribers sharing the IP of the malicious user

– Could lead to a DoS condition for the server and the NAT
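A server-side check for the Packet Too Big problem above, added here as an example and not part of the deck: it parses an ICMPv4 Fragmentation Needed message, honours it only if the embedded header matches a connection the server actually has open, and refuses to cache an MTU below a floor. The floor value of 576 and the shape of the flow table are assumptions.

```python
import struct
from ipaddress import ip_address

SANE_MTU_FLOOR = 576   # assumption: never cache a path MTU below this (RFC 791 minimum reassembly size)


def parse_frag_needed(icmp: bytes):
    """Parse ICMPv4 type 3 / code 4 (Fragmentation Needed, i.e. IPv4 Packet Too Big).
    Returns (next_hop_mtu, flow) with flow = 5-tuple of the embedded original datagram, else None."""
    if len(icmp) < 8 + 20 + 8:                 # ICMP header + inner IPv4 header + 8 payload bytes
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != 3 or code != 4:
        return None
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if (inner[0] >> 4) != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    proto = inner[9]
    src, dst = str(ip_address(inner[12:16])), str(ip_address(inner[16:20]))
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return mtu, (proto, src, sport, dst, dport)


def should_accept_ptb(icmp: bytes, active_flows, floor: int = SANE_MTU_FLOOR):
    """Decide whether a server should honour a received Packet Too Big.
    active_flows: set of (proto, local_ip, local_port, remote_ip, remote_port) for open connections.
    The embedded header must name one of them (a host sharing the remote address still has to
    know the port, which is why port randomisation matters) and the MTU must be above the floor."""
    parsed = parse_frag_needed(icmp)
    if parsed is None:
        return False, "not a well-formed Fragmentation Needed message"
    mtu, flow = parsed
    if flow not in active_flows:
        return False, "embedded header matches no active flow"
    if mtu < floor:
        return False, f"advertised MTU {mtu} is below the floor of {floor}"
    return True, f"cache MTU {mtu} for {flow}"


def build_frag_needed(mtu, proto, src, dst, sport, dport) -> bytes:
    """Construct a sample Frag-Needed message for testing (checksums left zero, DF set on the inner header)."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, proto, 0,
                           ip_address(src).packed, ip_address(dst).packed)
    transport = struct.pack("!HHI", sport, dport, 0)   # first 8 bytes of the TCP/UDP header
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner_ip + transport
```

The embedded datagram is the one the server sent, so its source is the server and its destination is the shared address; the flow table is keyed the same way.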


Page 14: Mat Ford - ISOC

Geo-proximity, geo-location

• Conforming with regional content licensing restrictions

• Targeting advertising

• Customising content

• Emergency services

• Shared addressing may reduce level of confidence and location granularity

• Application performance may be affected in the presence of highly centralised CGN


Page 15: Mat Ford - ISOC

Tracking service usage

• Monitoring unique users of a service no longer possible by simply counting connections from discrete IP addresses

• CPE NAT complicates this today; large-scale address sharing will make it a more widespread and severe issue

• In general, all elements that monitor usage or abusage in the chain between a service provider that has deployed address sharing and a content provider will need to be upgraded to take account of the port value in addition to IP addresses


Page 16: Mat Ford - ISOC

Traceability

• Address sharing solutions must record and store all mappings they create

– Potentially very large volume of data

– Pre-allocating groups of ports mitigates

– Trade-offs between

• size of pre-allocated groups

• ratio of public addresses to subscribers

• impact on logging requirements

• port randomisation security

• Need for timestamping and accurate timekeeping

– Densely populated CGN could mean even small amounts of clock skew result in misidentification of subscribers

– Alternatively SPs start logging destinations, giving rise to privacy concerns.


Page 17: Mat Ford - ISOC

Security-related issues

• Port randomisation

• Abuse logging, penalty boxes

– Need to log source port as well as source address

• Spam

• IPsec

• Authentication
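An added example, not from the deck, covering the points on slides 15 to 17 together: a constructed CGN lease log with pre-allocated port blocks, a lookup by address alone (what a penalty box or spam list keys on today) against one by address plus source port plus timestamp, the effect of clock skew where a port block is reused, and the block-size versus sharing-ratio trade-off. The block size, lease times and usable port range are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Lease:
    """One CGN mapping record: a pre-allocated port block on a public address, held by a subscriber."""
    public_ip: str
    port_start: int
    port_end: int        # inclusive
    subscriber: str
    start: datetime
    end: datetime        # exclusive


T0 = datetime(2010, 5, 19, 12, 0, 0)
# Constructed sample lease log: one shared public address, 256-port blocks; sub-C reuses sub-A's block.
LEASES = [
    Lease("203.0.113.7", 1024, 1279, "sub-A", T0, T0 + timedelta(minutes=10)),
    Lease("203.0.113.7", 1280, 1535, "sub-B", T0, T0 + timedelta(hours=1)),
    Lease("203.0.113.7", 1024, 1279, "sub-C", T0 + timedelta(minutes=10), T0 + timedelta(hours=1)),
]


def subscribers_using(public_ip, when, leases=LEASES):
    """Address alone maps to every subscriber sharing it at that instant, so a block or ban hits all of them."""
    return sorted({l.subscriber for l in leases if l.public_ip == public_ip and l.start <= when < l.end})


def identify(public_ip, port, when, leases=LEASES):
    """Address + source port + timestamp resolves to one subscriber, or None if the log cannot say."""
    hits = [l.subscriber for l in leases if l.public_ip == public_ip
            and l.port_start <= port <= l.port_end and l.start <= when < l.end]
    return hits[0] if len(hits) == 1 else None


def identify_with_skew(public_ip, port, when, skew, leases=LEASES):
    """Same lookup when the third party's clock may be off by +/- skew: every lease overlapping
    the uncertainty window is a candidate, so a block reused at a boundary becomes ambiguous."""
    lo, hi = when - skew, when + skew
    return sorted({l.subscriber for l in leases if l.public_ip == public_ip
                   and l.port_start <= port <= l.port_end and l.start < hi and l.end > lo})


def sharing_ratio(block_size, first_port=1024, last_port=65535):
    """Subscribers one public address serves with fixed blocks of block_size ports: bigger blocks
    mean fewer log entries but more public addresses, the trade-off the traceability slide names."""
    return (last_port - first_port + 1) // block_size
```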


Page 18: Mat Ford - ISOC

Load balancing

• Deterministic algorithms based on IP addresses may see sudden imbalances in load as address sharing is enabled

• Growth of address sharing will require re-evaluation of load balancing algorithm designs


Page 19: Mat Ford - ISOC

Other issues

• Fragmentation

• Multicast

• Mobile-IP

• Single Point of Failure

• Reverse DNS

– Reverse DNS strings no longer sufficient to identify a discrete subscriber


Page 20: Mat Ford - ISOC

Conclusions

• Large-scale address sharing will make many existing address sharing issues more severe and more widespread

• Large-scale address sharing will also create new technical and business issues

• Third-parties, content providers, LEAs, will be impacted

• IPv6 is the only way to avoid this
